[ https://issues.apache.org/jira/browse/GUACAMOLE-1603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Couchman closed GUACAMOLE-1603.
------------------------------------
    Resolution: Invalid

> guacamole SAML 1.4 authentication loop
> --------------------------------------
>
>                 Key: GUACAMOLE-1603
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1603
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-saml
>    Affects Versions: 1.4.0
>            Reporter: Sid Bose
>            Priority: Major
>
> I have a working setup with ms app proxy in front end internet facing and
> guacamole with SAML ext of 1.3 with below guacamole.properties file.
>
> # Available as "Login URL" from the Azure Active Directory Console
> saml-idp-metadata-url: file:///etc/guacamole/metadata.xml
>
> # The Entity ID you assigned to this application
> saml-entity-id: https://example.privatedomain.com
>
> # The redirect URL
> saml-callback-url: https://example-public.msappproxy.net/
>
> saml-debug: true
>
> Now when you use https://example-public.msappproxy.net/ it redirects to azure
> for authentication and then redirects to guacamole but in the browser the URI
> remains as
> "https://example-public.msappproxy.net/#/?responseHash=E666C2CD34669C06776889QCJKADTAOIUD8A763FD0B77F"
>
> But with SAML 1.4 this setup ends up in loop from ms to guacamole and back.
> MS App proxy setup is exactly the same. Are there any additional config
> required at guacamole or MS end?
>
> NOTE: Just a brief MS app proxy has got both reply URI set
> "https://example.privatedomain.com" and
> "https://example-public.msappproxy.net/" but the MS app proxy one as default.
>
> Below is the error in guacamole logs for 1.4
>
> ERROR c.onelogin.saml2.authn.SamlResponse - The response was received at
> https://example.privatedomain.com/api/ext/saml/callback instead of
> https://example-public.msappproxy.net/api/ext/saml/callback

--
This message was sent by Atlassian Jira
(v8.20.7#820007)
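
An added illustration (not part of the original message, and not Guacamole or OneLogin code) of the check behind the logged error: the `Destination` attribute of the SAML response is compared with the URL at which the application believes it received the request. The sample response and the helper names are constructed for this example; the hostnames and callback path are the ones quoted in the report.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: a minimal, unsigned Response carrying only what this check reads.
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0" '
    'Destination="https://example-public.msappproxy.net/api/ext/saml/callback"/>'
)

def normalize(url):
    """Reduce a URL to (scheme, host, port, path) so equivalent spellings compare equal."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (p.hostname or "").lower(), port, p.path or "/")

def destination_of(response_xml):
    """Return the Destination attribute of a SAML Response, or None if absent."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % SAMLP:
        raise ValueError("not a SAML Response")
    return root.get("Destination")

def check_destination(response_xml, received_at):
    """Return (ok, message); on mismatch the message has the shape of the logged error."""
    dest = destination_of(response_xml)
    if not dest:
        return (False, "Response has no Destination attribute")
    if normalize(dest) != normalize(received_at):
        return (False, "The response was received at %s instead of %s"
                % (received_at, dest))
    return (True, "Destination matches")

def request_url(scheme, host_header, path):
    """URL as the application reconstructs it from the request it actually sees."""
    return "%s://%s%s" % (scheme, host_header, path)

if __name__ == "__main__":
    path = "/api/ext/saml/callback"
    # First host: the name in the logged error. Second: the configured callback host.
    for host in ("example.privatedomain.com", "example-public.msappproxy.net"):
        print(host, "->", check_destination(SAMPLE_RESPONSE, request_url("https", host, path)))
```

The first case reproduces the mismatch from the log; the second passes because the host seen by the application equals the host in `saml-callback-url`.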